Do not expose insightsEnabled, templateId on public shares

Tom Moor
2023-10-22 13:49:50 -04:00
parent 764dc84da9
commit fb74494108
2 changed files with 10 additions and 16 deletions


@@ -38,11 +38,8 @@ async function presentDocument(
archivedAt: document.archivedAt, archivedAt: document.archivedAt,
deletedAt: document.deletedAt, deletedAt: document.deletedAt,
teamId: document.teamId, teamId: document.teamId,
template: document.template,
templateId: document.templateId,
collaboratorIds: [], collaboratorIds: [],
revision: document.revisionCount, revision: document.revisionCount,
insightsEnabled: document.insightsEnabled,
fullWidth: document.fullWidth, fullWidth: document.fullWidth,
collectionId: undefined, collectionId: undefined,
parentDocumentId: undefined, parentDocumentId: undefined,
@@ -59,6 +56,9 @@ async function presentDocument(
data.createdBy = presentUser(document.createdBy); data.createdBy = presentUser(document.createdBy);
data.updatedBy = presentUser(document.updatedBy); data.updatedBy = presentUser(document.updatedBy);
data.collaboratorIds = document.collaboratorIds; data.collaboratorIds = document.collaboratorIds;
data.templateId = document.templateId;
data.template = document.template;
data.insightsEnabled = document.insightsEnabled;
} }
return data; return data;
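Review bot: The base object literal in `presentDocument` is still returned to every caller, so any field left in it (for example `teamId` and `fullWidth` in the first hunk) stays visible on public shares, and a field added there later would leak the same way these three did. The condition guarding the block that now assigns `templateId`, `template` and `insightsEnabled` lies outside the hunk, so presumably it is the non-public branch; a comment above those assignments such as `// Authenticated viewers only: do not move these into the base object above` would make the rule visible to the next editor. A presenter test asserting that the public output has no `templateId`, `template` or `insightsEnabled` keys would keep this from regressing. It is also worth confirming that unauthenticated share viewers actually need `teamId`.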


@@ -400,9 +400,7 @@ router.post(
router.post( router.post(
"documents.info", "documents.info",
auth({ auth({ optional: true }),
optional: true,
}),
validate(T.DocumentsInfoSchema), validate(T.DocumentsInfoSchema),
async (ctx: APIContext<T.DocumentsInfoReq>) => { async (ctx: APIContext<T.DocumentsInfoReq>) => {
const { id, shareId, apiVersion } = ctx.input.body; const { id, shareId, apiVersion } = ctx.input.body;
@@ -507,9 +505,7 @@ router.post(
router.post( router.post(
"documents.export", "documents.export",
rateLimiter(RateLimiterStrategy.FivePerMinute), rateLimiter(RateLimiterStrategy.FivePerMinute),
auth({ auth({ optional: true }),
optional: true,
}),
validate(T.DocumentsExportSchema), validate(T.DocumentsExportSchema),
async (ctx: APIContext<T.DocumentsExportReq>) => { async (ctx: APIContext<T.DocumentsExportReq>) => {
const { id } = ctx.input.body; const { id } = ctx.input.body;
@@ -769,9 +765,7 @@ router.post(
router.post( router.post(
"documents.search", "documents.search",
auth({ auth({ optional: true }),
optional: true,
}),
pagination(), pagination(),
rateLimiter(RateLimiterStrategy.OneHundredPerMinute), rateLimiter(RateLimiterStrategy.OneHundredPerMinute),
validate(T.DocumentsSearchSchema), validate(T.DocumentsSearchSchema),
@@ -1342,10 +1336,10 @@ router.post(
document.collection = collection; document.collection = collection;
return (ctx.body = { ctx.body = {
data: await presentDocument(document), data: await presentDocument(document),
policies: presentPolicies(user, [document]), policies: presentPolicies(user, [document]),
}); };
} }
); );
@@ -1431,10 +1425,10 @@ router.post(
document.collection = collection; document.collection = collection;
return (ctx.body = { ctx.body = {
data: await presentDocument(document), data: await presentDocument(document),
policies: presentPolicies(user, [document]), policies: presentPolicies(user, [document]),
}); };
} }
); );